Conversation
When accessing /api/... endpoints the CorsFilter was not always hit and so these endpoints could not be used from webapps even if CORS was properly configured. The problem seemed to be with ApiRouter's forwarding mechanism from /api/... to /api/v1/... Adding FORWARD dispatcher types to @webfilter solves this. Fix is based on this zulip thread: https://dataverse.zulipchat.com/#narrow/channel/379673-dev/topic/CorsFilter.20Servlet.20Filter.20not.20discovered/near/572358009
poikilotherm
added
Feature: API
Component: Code Infrastructure
ErykKul
left a comment
ErykKul
left a comment
There was a problem hiding this comment.
Looks good to me. Thanks! Just a release note and it's ready.
|
@ErykKul Should I just add |
|
@beepsoft Please feel free to create an issue and link this PR to it. Can be brief. Also, I see Jenkins is not happy with one IT: Can you please look into that? Thx! Also, CorsIT must be added to https://github.com/IQSS/dataverse/blob/develop/tests/integration-tests.txt |
|
I see in https://jenkins.dataverse.org/blue/organizations/jenkins/IQSS-Dataverse-Develop-PR/detail/PR-12151/7/tests that the tests now run, but CorsIT fails - the headers are all not present. I have a hunch that we might need @donsizemore to enable CORS during testing. Unfortunately, we currently have no way to change JVM options at runtime (there may exist an issue about this already). @pdurbin WDYT should we disable these tests until we figure out the remote JVM option part? Can we just enable CORS in Jenkins without affecting other tests? |
|
FWIW: I've recently started making non-IT tests with direct (mocked) calls to API methods to be able to test non-default JVM options, e.g. in LDNInboxTest.java and LocalContextsTest.java. Is that a useful approach here? |
|
There seem to be some open questions and some failing tests and the PR is still in draft so I moved it from "ready for QA" to "ready for review". |
@beepsoft |
|
@beepsoft what do you think? |
|
If it makes sense, sure! Do I have to do anything about it? |
|
"Maintainers are allowed to edit this pull request" and @poikilotherm is in that list. So he can go ahead. 🎉 |
…S#12161 Relocated the big-data-support documentation to the installation section and updated all cross-references accordingly. Added redirect for the old location.
…ols and S3 admin guide Updated external tools documentation to clarify CORS requirements and renamed reference to `:ref:`dataverse.cors``. Changed CORS section in big-data-administration.rst to use explicit cross-reference label `:ref:`cors-s3-bucket`` instead of textual reference only.
…xpand configuration option descriptions
…12161 - Clarify CORS requirements for direct uploads and downloads - Add cross-references to Dataverse CORS settings - Provide step-by-step instructions and examples for AWS CLI and Minio - Refactor guidance on ensuring origin compatibility between Dataverse and S3
…ython 3.12 IQSS#12161 Necessary update for RTD and to enable using sphinx-reredirect extension
|
I merged the latest |
7 participants
What this PR does / why we need it:
Fixes
CorsFilterinvocation inconsistency.When accessing /api/... endpoints the
CorsFilterwas not always hit and so these endpoints could not be used from webapps even if CORS was properly configured.The problem seemed to be with
ApiRouter's forwarding mechanism from /api/... to /api/v1/...Adding FORWARD dispatcher types to
@WebFiltersolves this.Fix is based on this zulip thread:
https://dataverse.zulipchat.com/#narrow/channel/379673-dev/topic/CorsFilter.20Servlet.20Filter.20not.20discovered/near/572358009
Also fixes #12161 with docs changes made by @poikilotherm originally as PR #12162
Suggestions on how to test this:
CorsIT.javais added to test whether CORS headers are present for both /api/... and /api/v1/... invocations. For it to pass CORS must be enabled in Dataverse, eg. by settingDATAVERSE_CORS_ORIGIN: "*"env for
dev_dataverseindocker-compose-dev.yml